IETF Logo Mail Archive

Re: [Dime] Ben Campbell's No Objection on draft-ietf-dime-congestion-flow-attributes-01: (with COMMENT)

"Bertz, Lyle T [CTO]" <Lyle.T.Bertz@sprint.com> Mon, 15 June 2015 16:43 UTC

Return-Path: <Lyle.T.Bertz@sprint.com>
X-Original-To: dime@ietfa.amsl.com
Delivered-To: dime@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 735F21A908C; Mon, 15 Jun 2015 09:43:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mPESqvWatYZe; Mon, 15 Jun 2015 09:43:49 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0790.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::790]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B5A41A908A; Mon, 15 Jun 2015 09:43:49 -0700 (PDT)
Received: from BN1AFFO11FD032.protection.gbl (10.58.52.33) by BN1AFFO11HUB010.protection.gbl (10.58.52.120) with Microsoft SMTP Server (TLS) id 15.1.190.9; Mon, 15 Jun 2015 16:43:31 +0000
Authentication-Results: spf=permerror (sender IP is 144.230.32.80) smtp.mailfrom=sprint.com; ietf.org; dkim=none (message not signed) header.d=none;
Received-SPF: PermError (protection.outlook.com: domain of sprint.com used an invalid SPF mechanism)
Received: from preapdm1.corp.sprint.com (144.230.32.80) by BN1AFFO11FD032.mail.protection.outlook.com (10.58.52.186) with Microsoft SMTP Server (TLS) id 15.1.190.9 via Frontend Transport; Mon, 15 Jun 2015 16:43:30 +0000
Received: from pps.filterd (preapdm1.corp.sprint.com [127.0.0.1]) by preapdm1.corp.sprint.com (8.15.0.59/8.15.0.59) with SMTP id t5FGZDC9004787; Mon, 15 Jun 2015 12:43:30 -0400
Received: from prewe13m08.ad.sprint.com (prewe13m08.corp.sprint.com [144.226.128.27]) by preapdm1.corp.sprint.com with ESMTP id 1v0h0a4mn7-1 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 15 Jun 2015 12:43:30 -0400
Received: from PLSWE13M07.ad.sprint.com (2002:90e5:d61a::90e5:d61a) by PREWE13M08.ad.sprint.com (2002:90e2:801b::90e2:801b) with Microsoft SMTP Server (TLS) id 15.0.1044.25; Mon, 15 Jun 2015 12:43:29 -0400
Received: from PLSWE13M07.ad.sprint.com ([fe80::b8a7:9769:a6fe:384c]) by PLSWE13M07.ad.sprint.com ([fe80::b8a7:9769:a6fe:384c%15]) with mapi id 15.00.1044.021; Mon, 15 Jun 2015 11:43:29 -0500
From: "Bertz, Lyle T [CTO]" <Lyle.T.Bertz@sprint.com>
To: Ben Campbell <ben@nostrum.com>, The IESG <iesg@ietf.org>
Thread-Topic: [Dime] Ben Campbell's No Objection on draft-ietf-dime-congestion-flow-attributes-01: (with COMMENT)
Thread-Index: AQHQouX71p1RMb+akkKP57wDqWfHap2tyQQQ
Date: Mon, 15 Jun 2015 16:43:28 +0000
Message-ID: <7c2281e81c8c4f7592d8fcd8478211bd@PLSWE13M07.ad.sprint.com>
References: <20150609185615.7145.32430.idtracker@ietfa.amsl.com>
In-Reply-To: <20150609185615.7145.32430.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.229.91.95]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Microsoft-Exchange-Diagnostics: 1; BN1AFFO11FD032; 1:SMHlw1v59eog3iCzRUh3jsxJEZXUzYvqbJsv6TU81vtTIfLAhOvMrrgTa9dkp/4oc6ADiE1tgEAnFqGhO6uMZ6mBLDViyxdPBgvJeLwJmJJsnmxpzJstaGfcdGqJ4Dk9CdZ7GYjIOTkDrzBTeQrfDTP5bNs0uqn144bSl9O/ttm8HPhYvZopwdwIAZ6GM8zwO2VHS35kYlFZISJKSGyXcwm1ZYbrOws/L75v777RsT6PURAUGgwdQLd5mC29rwoAsRPexWh3DMgFWM/Z31eBkTZ1T89ZGgFssrCNFXRTW7er9sRpK9s/K1pZHGNuFJEKCrLqALxdhXwQn4p9Oe/wYQ==
X-Forefront-Antispam-Report: CIP:144.230.32.80; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(448002)(13464003)(377454003)(52044002)(189002)(199003)(62966003)(23676002)(77156002)(86362001)(106116001)(5250100002)(54356999)(76176999)(85326001)(50986999)(19580405001)(6806004)(5001960100002)(108616004)(189998001)(33646002)(46102003)(24736003)(2950100001)(2900100001)(5003600100002)(19580395003)(230783001)(87936001)(50466002)(2656002)(5001770100001)(92566002)(102836002)(106466001)(15975445007)(47776003); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1AFFO11HUB010; H:preapdm1.corp.sprint.com; FPR:; SPF:PermError; MLV:sfv; MX:1; A:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; BN1AFFO11HUB010; 2:gxKIpp2lnQArn4/ftiq64muhKPClfKEyiDFL+h08ylLZ77ebp+DnHrqjg0dyNs3C; 2:8Sdc3KyoyryyZ1ahzp2Gcyw+mgprCFeGEKje9d9rJiZ3joKturzKkhCiv54HsdSCwATApqz4Uz104aMX2cvgSQaZsuQ+kwzj51uhKGZx1ccyeIdMCM3xjYRhQuhiZliiIxcFl2XQ+U5eZxdPJMqYkIOPN0AiBBvlz3PkJdhmU0AngFTuUatBl7CHQFz7uWHNhiRNCK93oLZMukiumld3xYOcl2APLYOQwZvh2bIH2B4=; 6:RCyPOP7N5UYhK6FyY8yqkTp2VOE4Z0mpIVmKx3HPuGXbZzAh8q4pXYQrq4SvOzq5IFePa7yq2o8XfxkxytRB2Jhb/iapevjHf2N+UDBGWMYQkTfB3HtizmhR7E5i7WX1xctQcsxNUFdrevwXL03jutasHCIKtWTAY1N1NFF0+grzQx/FC1pBOj0uHRZtIQ2VhQ6MLEA3JcR/2ocJZMtXy+izXFmrk8uVZxqMymH7KVfIDMublGUZVQlYC4iXqok6; 3:BvP181wSHwuxHMQNjotI4JH6H8V8gLINFQqA7qE32w6j3dfEz5PDNWzDzlCIrdg4NI6JHzEJPQRRJWp7jt4DiwSTgF/q5OJNU2IrAjUKp2v7ItPMGQx8xLYVc1xa78q0MliMEbGe1UQKUevaNgV/FThvTlNqwWc6soosy6BpTEivHN1HWlUucIhlczaP0Fr1HwIW0T3cJnOMiMokNk3HGRqw5WXqCFiN8+/Gnm1UfD6lVz9jWUSE+u4WlGGs3E3F2/lP7JOjKJWCJU/qUDdpv0Js+AdRsKbrAEa5PIJFDe82w20ZvhwJyv36gFTW2Esz
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN1AFFO11HUB010;
X-Microsoft-Antispam-PRVS: <BN1AFFO11HUB010843ECA6AA412E3772069A4B80@BN1AFFO11HUB010.protection.gbl>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(5005006)(520003)(3002001); SRVR:BN1AFFO11HUB010; BCL:0; PCL:0; RULEID:; SRVR:BN1AFFO11HUB010;
X-Forefront-PRVS: 0608DEDB67
X-Microsoft-Exchange-Diagnostics: 1;BN1AFFO11HUB010;9:7HO40hTlvoyLmulobZMzovLPXm2+UYgDZl5lP2iX0b/PeqwER6kshlwURvexOX2kfivvq5RhOKpt+ISgQgvCGb7VwouwnLpDo6Su3nRWQMf/Dp1NWKy9KEB9zknuWVAAQQVSqyOz90pE/V/PD8CflFMuay7KkC8SF2COn4rH58TkNbsDl2t7pfMsnGvkZBfKKpsfsVEtdseZ3lVoTvlIOZuP679pKo635EUkDzCB5GO+ODOR97BDSkk9yplwpy58qPY8R+Xwt+jRQoS/O93idolf6VY2QsaP5wNVmWjpwyEsTpv+3w0XiH4iRvGDcrxCklGnV9CGXHnuHOd1yNvU4Spt/QKIDZVPW4NSjxcIS6QcBm8rerhUtRoiqIOfgEK+J+5UE62AwAmVHr3OaQzC9q61NnaBpH5Jm+Set9jtILY5p2K3nIbXILYlzzDK0KBei/xSNJ3RVATbI4zdD/IZ/BEGWJXUWGyXFaMcOlhLAVrnQKIkUZZx0WY00KSn7MIIwkO+FtYk+eM+JEz9zPXj8IxBPjJ3mBbfhsjrHJTSBXtXNDWSHtlAa6X1ymOZOy9OpEBBzwKTCPC2uBnmHmS0zSBOtbI694hisUT+erWjMtZIdQU5wiaKKN+OcC1kCQVr0BD+lRbcrUVaQCESYyBbAXoMBL3KtaYxE+KbV2wyXatS6Ohr6ZmJIGsUI2sYGy7MvXQG4CC7AfK8KzzZuR2mIpTjqsh+ZYxPD0Bxp8coMGr0XT6HUNwSbAgY5VaOeRxW2KfS87aGk/wwQbxYwnLmo0bkoqMXxI8E99EIY/xoC80tlBvLCN+0tdY0UNwmlfpearrGYXw6UnvtPwzPQJHI8ZIhkTmnhkC+Leiegf68E+2N4Kof4ZSuAArZaEuE1hgt6WRSGa52x+EQcRV6rsOdG1Ac5dZJq4WaxCWx6XDFdZOpTNekdYDprc+G5+449id1BN7zTeONtvz1pPBTMmrG/cYnJ/G9rsJl8gZdl+UQR5jSJiZ3KSN3BglBgpsFdyd4F0h6yU+2bxcmv9Lb0X5i3g==
X-Microsoft-Exchange-Diagnostics: 1; BN1AFFO11HUB010; 3:6YuSWUHnObn8/qluMWTyo3BrfBsM952m9t2R4ypBf2UHxgbE02gh4t9l/159R+lR97QwM0MNRdj7wS3x7nTnB2f4Of8C5FtMMvE9JHz3MUgrRdO2mcV+9SA4odUIL2Z25NxuMF5lXPMNCXizWrN3LA==; 10:2xYsBsgfswfYDms506OKyXzJhLokzXCoO/UmqXMvsW4IJcLJOZSUatnBUivyN/bsmEzxlprNa7LpesN5l/f9Mv3eVZbwrtDIgbBRRJxG/kU=
X-OriginatorOrg: sprint.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jun 2015 16:43:30.9702 (UTC)
X-MS-Exchange-CrossTenant-Id: 4f8bc0ac-bd78-4bf5-b55f-1b31301d9adf
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=4f8bc0ac-bd78-4bf5-b55f-1b31301d9adf; Ip=[144.230.32.80]; Helo=[preapdm1.corp.sprint.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1AFFO11HUB010
Archived-At: <http://mailarchive.ietf.org/arch/msg/dime/bEKfSCMqaWs3ICrbjWTlKVkaE5w>
Cc: "dime-chairs@ietf.org" <dime-chairs@ietf.org>, "dime@ietf.org" <dime@ietf.org>
Subject: Re: [Dime] Ben Campbell's No Objection on draft-ietf-dime-congestion-flow-attributes-01: (with COMMENT)
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dime/>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jun 2015 16:43:52 -0000

Ben,

Thank you for the review.  Our changes and responses are below.

Lyle

-----Original Message-----
From: DiME [mailto:dime-bounces@ietf.org] On Behalf Of Ben Campbell
Sent: Tuesday, June 09, 2015 1:56 PM
To: The IESG
Cc: dime-chairs@ietf.org; dime@ietf.org
Subject: [Dime] Ben Campbell's No Objection on draft-ietf-dime-congestion-flow-attributes-01: (with COMMENT)

Ben Campbell has entered the following ballot position for
draft-ietf-dime-congestion-flow-attributes-01: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dime-congestion-flow-attributes/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

This mostly looks good. I have a few comments that are not show
stoppers:

substantive:

-- Abstract: I concur with Stephen that the abstract doesn't really address the heart of the matter. (It also seems longer than needed.)

>>>> We responded to Stephen's comments regarding the intro.  If you could give your feedback on that thread it would be much appreciated.

-- 5.2: I don’t see the Congestion-Treatment AVP actually used in the example. At least if it is, it’s not called out. I think it would be helpful to explicitly show it. Also, can you add a reference for Excess-Treatment?

>>>> We have not added one for Congestion-Treatment due to the similarity to Excess Treatment. The example we drafted were simplistic at best, "CE mark set the Diameter node declares congestion and acts according to the information included in the Congestion-Treatment AVP".  Because the AVP lets the node take immediate action the example was small and then it became a question of whether it should be its own subheading in the examples.  In that case you have a new subheading for roughly a one line sentence.

"If Excess-Treatment or Congestion-Treatment has occurred..."

Does this mean “if the conditions associated with Excess-Treatment or Congestion-Treatment have occurred”, or “Excess-Treatment or Congestion-Treatment have been
 sent in a Diameter message”?

>>>> It is conditions associated with ...   The point of 5777 is to give the node receiving the Filter-Rule a plan of what to do when the conditions occur as opposed to the node querying a decision point for more direction.  We will change the text to "If conditions associated with Excess-Treatment [RFC5777] ... "

--6, first sentence.

I’d like to see a little more “show your work" here. These AVPs carry new kinds of content. That, in itself, might add new security considerations (e.g. is the content privacy-sensitive, especially damaging if tampered with, etc). Please consider adding a few sentences describing the new content, and why you believe that content does or does not have new security considerations. You kind of do that for ECN-IP-Codepoint and Congestion-Treatment, but I don't see anything for the other two new AVPs.

(I'm probably the other person that Stephen mentioned consider such sentences as a red flag.)

>>>> Ok.  Bigger update here.  We are dropping the first sentence and expanding upon the note we made in 5.2 about less reliance on DPI for at least congestion management.
>>>> This is the new Section 6.  The last paragraph is unchanged.

-------- New Section 6 --------
This document describes an extension of RFC5777 that introduces a new filter parameter applied to ECN as defined by [RFC3168].  It also defines a new Grouped AVP that expresses what action to take should congestion be detected.  The Grouped AVP reuses attributes defined in RFC5777. As these are extensions to RFC 5777, they do not raise new security concerns.

The Flow-Count and Packet-Count AVPs can be provided in conjunction with customary AVPs, e.g. Bytes, Time, Service Units, during Accounting activities as described in the base protocol [RFC6733] or other Diameter applications. These AVPs provide information that can be privacy sensitive.  The privacy sensitivity is directly related to traffic captured by Filters and associated reports.  Narrow filtering, which creates the highest level of privacy sensitivity, is too resource intensive to be practical on large networks.  Paradoxically, improving reporting information lessens the depth of inspection required to characterize traffic for many congestion management activities as noted in Section 5.2.

If an administrator can provide congestion actions without the need to report them to a Diameter application they should use the Congestion-Treatment AVP which also reduces Diameter traffic during congestion events.

The security considerations of the Diameter protocol itself have been discussed in RFC 6733 [RFC6733].  Use of the AVPs defined in this document MUST take into consideration the security issues and requirements of the Diameter base protocol.
___------------------------

>>>Other points (just piling on here at this point):
>>>1.  Some MIBs have this data but policy decision points have existing Diameter based sessions.
>>>2.  This solution works if the traffic is encrypted  or not - providing a necessary and sufficient baseline for congestion management.

>>> We thought that Section 5.2, 2nd last para, last sentence expressed our intent but highlighting it again in Section 6 is not an issue.  In summary, the addition of the AVPs lessens DPI requirements for congestion management and a need for the traffic to be unencrypted in order to take congestion management action.  Arguably there may be better management methods that require clear or other drivers for DPI but if one bases action on ECN, flow, packet and byte count then DPI are clear traffic is not required.
Editorial:

-- Abstract: Please expand ECN and AVP on first mention (both in abstract and in body.)

-- 3.2, first paragraph "In case..."

I suggest either "If..." or "In the case that..."

>>>> We will change to "In the case that..."

-- 5.1: There are several instances of "ECP-IP-Codepoint" that I assume should be "ECN..."

>>>> Yes. We will correct.
_______________________________________________
DiME mailing list
DiME@ietf.org
https://www.ietf.org/mailman/listinfo/dime

________________________________

This e-mail may contain Sprint proprietary information intended for the sole use of the recipient(s). Any use by others is prohibited. If you are not the intended recipient, please contact the sender and delete all copies of the message.

v2.23.0 | Report a Bug | By Email